Closed oluckyman closed 5 years ago
Just tried to send 253 chars long string as wifi SSID. And it crushes the same way. So I think you can just take ble_prov example as is and send a long string as wifi credentials to reproduce that crash
@oluckyman Thanks for reporting the issue. There are two bugs involved here: 1) No upper limit on WiFi SSID /Passphrase length (Fix for this is already merged in the internal repo and should reflect on github soon) 2) Unbound memcpy into protocomm_ble prepare write buffer
Here's a patch combining both bugfixes. Please let me know if that fixes the problem. If so, I'll raise an internal merge request for the second bugfix.
Thanks for the quick response! Just tried the patch. Now it does not corrupt the heap. It shows in the monitor this error:
E (28492) protocomm_ble: Error appending to prepare buffer
It shows this error both for long Wi-Fi SSID and for long custom info
field.
Nothing happens after this error.
Yes. That is because protocomm_ble is limited by 256 byte of transaction limit. This is imposed by the maximum BLE attribute length hardcoded into protocomm_ble, so no way to change that. In any case BLE attribute length is limited to 512 as per standard. In case you want to achieve longer transaction size, have the protocol send / receive data in pieces.
Edit:
It shows this error both for long Wi-Fi SSID and for long custom info field.
Wi-Fi SSID and Passphrase are limited to 32 and 63 bytes (as per standard), respectively, so cannot make these any longer. There is no limit on the custom info field, so that can be as long as possible, given the packet size is <= 256 bytes.
There is an internal merge request under review that should allow for longer than 512 byte transactions, but it will take some time to finalize.
@anurag-kar I would also like to send/receive requests/responses which size is bigger than 512 bytes, so I'm interested in your last comment: https://github.com/espressif/esp-idf/issues/3633#issuecomment-503653717
What is the status for the internal merge request that should allow for longer than 512 byte transactions and which you were talking about ?
Environment
git describe --tags
to find it): // v3.3-beta3 // also tried at v3.2xtensa-esp32-elf-gcc --version
to find it): // 5.2.0Problem Description
I mixed two examples: ble_prov and custom_config I send wifi config from my iOS app and ble_prov handler receives it. Then I send custom_config request from my iOS app and custom_config handler receives it. custom_config has example request:
When I send request with
info
string long enough (253 bytes to be exact) the program crashes with CORRUPT HEAP error.Expected Behavior
It should not crush. It should show in the monitor "Custom config received" the same as it does for the shorter strings:
Actual Behavior
It crushes with CORRUPT HEAP error:
Steps to repropduce
I'll attach code, but it's just the code from examples mixed together. There is no my code at all. Also I inserted heap integrity checks in every function and it's fine everywhere.
The requests are sent from my iOS app, but I think you can use python script to send requests. First it sends wifi ssid and passphrase as in
ble_prov
example. Then it sends custom config request withinfo
andversion
as incustom_config
example.UPDATE
Just tried to send 253 chars long string as wifi SSID. And it crushes the same way. So I think you can just take
ble_prov
example as is and send a long string as wifi credentials.Code to reproduce this issue
https://github.com/oluckyman/esp-idf-ble_prov_and_custom_config
Debug Logs
Other items if possible
build
folder (note this may contain all the code details and symbols of your project.) // will upload on demand